On 02/06/2003 06:31:03 AM "Remus" wrote:
>I don't like to make a flame but how shell (perl) script can be used for the
>DoS attack.
>The script just looks to snort alert file and blocks IP address, nothing
>more.
>It is very simple to configure but it makes very strong firewall together
>with the snort. :-)
Scenario:
You have a Firewall and an IDS with active response which blocks IP
addresses when an attack signature is found. (It doesn't matter if you
block only for a certain time.)
A hacker forks attacks and changes the source IP address of the packets to
the Root DNS Servers, or cnn.com, or linux.org, or, or, or.
So your Firewall is blocking e.g. the Root DNS Servers now..... No more DNS
and no more Internet for you. You will turn off the IDS active response
soon.
That's the DoS problem with an active response IDS system.
Heiko
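
The spoofed-source problem described in the message above can be limited on the blocking side. The following is an added example, not part of the original messages and not Guardian's code: a filter that reads Snort fast-format alert lines and refuses to block addresses the site depends on. The never-block list, the batch cap, the sample alerts and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Source address in a Snort "fast" alert line: {PROTO} src[:port] -> dst[:port]
ALERT_SRC = re.compile(r"\{\w+\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

# Assumed site policy: never block these, whatever an alert claims.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.0/24",     # our own network (constructed)
    "203.0.113.53/32",  # a DNS server we depend on (constructed)
)]
MAX_BLOCKS_PER_BATCH = 2  # hypothetical cap; anything beyond it waits for a human


def decide_blocks(alert_lines, never_block=NEVER_BLOCK, cap=MAX_BLOCKS_PER_BATCH):
    """Return (to_block, held): sources to block, and (source, reason) held back."""
    to_block, held, seen = [], [], set()
    for line in alert_lines:
        m = ALERT_SRC.search(line)
        if not m:
            continue  # not an alert line
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        if src in seen:
            continue  # one decision per source per batch
        seen.add(src)
        if any(src in net for net in never_block):
            held.append((str(src), "never-block list"))  # likely forged source
        elif len(to_block) >= cap:
            held.append((str(src), "batch cap reached"))  # flood of new sources
        else:
            to_block.append(str(src))
    return to_block, held


# Constructed alerts; the second claims to come from the DNS server above.
SAMPLE = [
    "02/06-06:31:03.1 [**] [1:1000001:1] test rule [**] {TCP} 198.51.100.7:4312 -> 192.0.2.10:80",
    "02/06-06:31:03.2 [**] [1:1000001:1] test rule [**] {UDP} 203.0.113.53:53 -> 192.0.2.10:1025",
    "02/06-06:31:03.3 [**] [1:1000001:1] test rule [**] {TCP} 198.51.100.7:4313 -> 192.0.2.10:80",
    "02/06-06:31:03.4 [**] [1:1000001:1] test rule [**] {ICMP} 198.51.100.8 -> 192.0.2.10",
    "02/06-06:31:03.5 [**] [1:1000001:1] test rule [**] {TCP} 198.51.100.9:1 -> 192.0.2.10:80",
]

if __name__ == "__main__":
    print(decide_blocks(SAMPLE))
```

A never-block list only protects the addresses someone thought to put on it; a forged alert naming any other address is still acted on, up to the cap.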

Hi Heiko,
I don't like to make a flame but how shell (perl) script can be used for the
DoS attack.
The script just looks to snort alert file and blocks IP address, nothing
more.
It is very simple to configure but it makes very strong firewall together
with the snort. :-)
Best regards
Remus
> On 02/04/2003 05:34:23 AM "Remus" wrote:
> >Guardian web site is http://www.chaotic.org/guardian/.
>
> I added it to our feature list, but it could take quite a while until it
> will be implemented.
>
> I'm personally not a fan of active response systems, because they can be
> easily used for a DoS attack.
> ( OK, for a home internet connection the chances are quite low that this
> happens)
>
> cya
> Heiko
>